Corporations appear to be spending more time and money on regulatory compliance now than at any other time in recent history. In fact, the largest U.S. corporations spent an average of US$4.6 million implementing Sarbanes-Oxley Act (SOX) section 404 controls in their first year of implementation, and Forrester Research estimates the five-year cost of Basel II implementation for the largest banks to be $150 million.
Recently, governmental and international regulatory bodies have been quick to introduce new rules and legislation in response to current business and geopolitical events; yet they are slow to ratchet back these regulations as the environment stabilizes. Within this ebb and flow of regulations, regulatory frameworks can take on a life of their own.
For instance, the Basel Committee — which first met in 1975 in response to the failure of Bankhaus Herstatt — remains active 30 years later and continues to evolve oversight on supervision, capital allocations and risk calculation through Basel II, which is the standard for global financial institutions. Similarly, Sept. 11, 2001, motivated further changes in the financial sector, with the Patriot Act making anti-money laundering (AML) and Know Your Customer (KYC) common vocabulary in the financial services industry.
Searching for Answers
As a result, it is no wonder companies are anxious to find ways to reduce the costs and efforts required to manage compliance so they can focus their attention on their core business. Considering that SOX, Basel II and the Patriot Act all share the need for reliable control of master or reference data, leading financial services firms are looking to master data management (MDM) as the foundation for managing regulatory compliance.
Today, master data management is considered a strategic business driver as it enables institutions to unify and consolidate data about their customers, products and organizations — data that is often fragmented across different systems.
By creating a centralized master reference hub, organizations can deliver the most reliable, complete views of key business data within their existing business processes and, more importantly, leverage these data assets within operational business processes to remain in compliance, adhere to various privacy requirements and simplify the reporting process.
Establishing a Regulatory Framework
Financial institutions have been tackling compliance management issues using varied approaches to establish documented control frameworks as mandated by SOX. One common approach is to make business process management changes, while another approach is to invest in technology solutions. As an example, banks which have implemented effective and clearly documented processes and software technology to address customer on-boarding and risk management have realized significant cost advantages and have simplified their ability to adhere to regulations.
As such, the enabling processes and technology in these areas are worth a thorough look, since an investment today has the potential to save countless millions in the future as ever-changing regulations evolve. In contrast, organizations that select temporary solutions unique to each regulatory framework will fail to take advantage of cross-functional benefits, will ultimately add to the costly burden of compliance and will hinder their ability to focus on customer profitability and other strategic initiatives.
Building a foundation for managing regulatory compliance is one instance where a sensible investment today can have the potential to reap significant and ongoing financial and business benefits in the future.
Reference Data Management Foundation
When evaluating and selecting which business processes and technologies will best address their current and future compliance needs, financial institutions should first consider the regulations with which they must comply. More importantly, organizations should evaluate their historical compliance issues in order to identify commonalities among them, and then build a technology foundation able to address these common requirements — as history is known to be a good predictor of what is to follow.
In the case of the Patriot Act, SOX and Basel II compliance, consider that each of these shares a need for reliable control of master or reference data — such as customers, counterparties, securities and employees. For example, the recent SOX regulation set out to establish controls over the creation of customers, securities, counterparties and employees with the goal of rooting out fraudulent and irregular accounting practices, while the Patriot Act requires banks to establish auditable processes for identifying customers as candidates for potential illicit activities.
Consequently, the “Know Your Customer” regulation mandates the need to evaluate the strength of customer on-boarding processes, while Basel II regulations demand improved precision in understanding securities and counterparties in order to establish accurate and meaningful risk assessments.
The new battleground for fighting each of these varying and unique regulations is master data management (MDM), as it enables companies to effectively manage the complete data lifecycle of master or reference data and also establishes a foundation for rapid and reliable compliance initiatives. In addition, a foundation for compliance based on MDM will reduce the cost of managing new regulations and can result in a clear and competitive capital advantage.
Delivering ROI With MDM
The growing appeal of next-generation master data management platforms is that they can be rapidly implemented with flexible data models, can integrate more tightly with enabling technologies, and carry costs that can be readily justified with proven return on investment (ROI). In fact, one financial institution was able to reduce trade failure rates by 25 percent by improving counterparty data management.
The firm saved more than $50 million related to trade corrections and sunk capital opportunity costs. Another example of MDM success involved a large private client institution that realized a 12 percent cross-sell benefit and a 15 percent productivity improvement in its branch operations, which ultimately added $64 million to the company’s bottom line. Return on investment results like these grab the attention of senior management and create a compelling business case for an MDM platform that is able to address more than compliance — as MDM also addresses the strategic business initiatives of the organization.
Knowing Your Customer
In a highly regulated industry, financial institutions are subject to a host of overlapping regulations — some that are specific to the types of clients they work with, while others require them to monitor and report their clients’ activities to the government. At the core of these regulations, knowing your customers, their legal status and their activities will have a significant impact on an organization’s ability to comply.
After all, predicting how regulations will change in the coming years, or determining what unforeseen event may trigger new regulations, is a near-impossible endeavor. It could be a currency crisis in Asia, a new terrorist threat in Europe, a government scandal here or abroad, or another corporate debacle. Yet it is certain that new regulations will demand that companies more clearly understand who their customers and business partners are and the nature and terms of their business relationships.
Considering that SOX, Basel II and the Patriot Act all share the need for reliable control of reference data, leading financial services firms are deploying an MDM platform to build master reference data hubs in order to establish a foundation for managing regulatory compliance.
Whether you are looking to manage customer relationships, comply with regulations such as Basel II, MiFID (Markets in Financial Instruments Directive) and RegNMS (Regulation National Market System), improve credit risk management, or increase trade automation, remember that MDM is a critical enabler for all of these strategic initiatives.
Joe DosSantos is practice manager, business integration services, for Siperian, a master data management platform provider.